All bank thieves are opportunist, just waiting for the right moment to strike. When and where this happens might be unknown to financial institutions, but along with the many tactics crooks employ to defeat authentication solutions, we are starting to learn more about the time in which they choose to attack.
According to the recent ABA Banking Journal article, “Criminals target contact centers at vulnerable time,” crooks take advantage of the times they believe banks are the least protected, or may have their guards down. One of these scenarios is during a merger or acquisition. With everything changing, bank representatives are learning new products and systems, which can leave them vulnerable.
For call centers, Shirley Inscoe, senior analyst at Aite Group, said another time thieves could strike is when the online banking channel is down as a result of a denial of service attack on the bank’s website.
“During a distributed denial of service attack, when the online banking channel is not available, they will flood into the contact centers knowing that they are overwhelmed. The contact centers are trying to assist customers as quickly as possible. Security may not be at its best. Contact people may be taking short cuts in their authentication procedures. So the criminals strike particularly at those times.”
This is something I discussed in the posting, “Are recent DDoS attacks really a decoy for bank call center fraud?”
The point is, whatever business situation should arise, whether it’s a company merger or deployment of new technology, financial institutions should never find themselves in a position where they are vulnerable to bank fraud. Having authentication solutions in place to identify customers over the telephone is paramount to meeting your customers’ banking needs and securing your confidential data from criminal threats.
Of the banks that Inscoe has talked to, many are looking into technology solutions that don’t depend on traditional knowledge-based questioning techniques, which are expensive, time-consuming and are no longer predictive for identifying customers over the phone.
A security tool like the TRUSTID® Physical Caller Authentication tool uses real-time telephone network forensics to proactively identify customers without relying on personal identifiable information (PII) to do so. As an additional layer of authentication that validates the caller’s telephone pre-answer, TRUSTID helps banks build multi-layered defense that closes the door on opportunities that thieves look for when timing their attacks.